<?php
// this file processes the input from the form produced by profile.php when viewing one's profile

// include the file containing initialization of the database and session
include('config.php');

// if the user is not logged in, should not access this
if(!isset($_SESSION['username']))
{
	echo 'Opps, you are not allowed to access this page.';
}
else
{
	// insert the status message into the database
	$sql = "insert into statmsgs values('?'," . $_SESSION['userid'] . ", NOW(), '" . mysql_real_escape_string($_POST['statusmsg'])."')";
	mysql_query($sql);
	echo 'Status message posted. Go back to <a href="profile.php">your profile</a>.';
}